Anthropic Project Glasswing Pushes Data-Centric Access Controls
A vendor post argues that vulnerability-disclosure pace tied to AI models will outstrip remediation timelines, shifting focus from faster patching to controlling access to data while fixes are pending. The guidance targets SOC, SecOps, and security architecture teams managing high-severity queues.
Research Overview
The post discusses Anthropic’s Project Glasswing and describes a reported finding that surfaced 10,000 high- or critical-severity vulnerabilities across critical enterprise software within one month. It also cites an example described in the same context where a single partner organization found 2,000 bugs in its own systems over thirty days, along with a stated false positive rate assessed by its security team.
The author frames the discussion around operational capacity in SOC workflows and notes that open-source maintainers asked to slow disclosures due to volume constraints, while also describing the possibility that attackers gain visibility into exploitable paths faster.
Key Findings
The post states that typical remediation timelines for high-severity vulnerabilities average around two weeks in a referenced SOC context, which creates a sustained backlog when new issues arrive continuously. It links this backlog to both defender workload limits and the idea that AI can shorten the time required to map environments, chain attack paths, and develop exploits.
It also emphasizes that exploitation risk is not limited to perimeter access, because AI-driven actions can operate inside user sessions and at the data layer through transactions that existing perimeter controls were not designed to inspect.
Technical Breakdown
The article argues that zero trust and secure access architectures such as ZTNA and SASE remain relevant because the vulnerabilities enable access to data and allow actors to view, change, lock, or steal infrastructure. It presents data-centric access control as the mechanism for reducing exposure while patching is in progress.
It then discusses how attack methods and AI use inside enterprises have expanded, using Netskope’s “AI Risk and Readiness Report” to describe reported rates of unmanaged AI use and limited detection coverage for shadow AI. The post adds that it is difficult to stop risky AI-driven actions before execution and describes AI agents making continuous API calls, chaining to services, querying databases, reading email threads, processing documents, and interacting with code repositories.
Operational Impact
As an example of agent-driven risk, the post cites CVE-2025-32711, disclosed in June 2025 with a CVSS severity of 9.3. It describes a “zero-click prompt injection” in Microsoft 365 Copilot that required no user interaction, using a crafted email ingested during routine summarization to extract data from OneDrive, SharePoint, and Teams, then exfiltrate it via a trusted Microsoft domain, with antivirus and firewall or static scanning described as not triggering.
The author also points to “authority drift,” describing how permissions can expand through inheritance, integration, and convenience over months, and how no single process may approve the combined access footprint. The post asserts that when an attacker exploits an agent with an oversized footprint and overprovisioned permissions, lateral movement can occur quickly across systems and resources the agent was authorized to touch.
Leadership Perspective
In place of a strategy focused on patching everything first, the post proposes controlling what can be reached during the patch window. It ties this to building unified data protection across the data ecosystem so that AI applications, workflows, and use cases are covered rather than left outside existing protections.
The author concludes that the patch window has been replaced by an AI-speed threat window and that the approach should concentrate on securing enterprise data. The final message states that whether organizations are using AI infrastructure, supporting hybrid workforces, or enabling AI at pace, the data should be the center of the security design.
Blog Signals brief is a fact-based summary of a vendor blog that links AI-fueled vulnerability discovery to longer operational vulnerability queues and argues for data-centered access control, unified data protection, and attention to authorization changes during ongoing remediation. It frames the issue for enterprise IT and security decision-makers managing SOC throughput, zero trust architectures, and AI-agent risk.